Ponzis and death: The stranger ways to lose crypto

Bitcoin Ponzi scams are raking in millions - all without much effort.

That may be self-explanatory to those who traffic the social media forums where the subject is discussed, but to researchers, it's also a fertile ground for new findings. For them, someone asking for money and promising 100x returns isn't simply a nuisance, they're an opportunity for study.

Indeed, the Financial Crypto 2018 conference in Curacao last week delved deep into the many ways these scams are propagating and why some have been so much more successful than others.

University of New Mexico assistant professor Marie Vasek looked through nearly 2,000 scams, revealing research that hinted at the sheer variety seeking crypto gains. Some, she said, last for ages until the hoax is found out, others come and vanish overnight, all without much interest.

By looking at the scams and how long each lasted - what they called the scam's "time of death" - Vasek shed light on what works the best for scammers, typically launching their scams on popular and reputable bitcoin forums, such as Bitcoin Talk.

The gist? The most long-lasting scams are those where the scammers engage with the community the most and have a thriving community of commenters.

Vasek told attendees:

"Small cores of about five people that are very good at doing this. You see this in our other paper. One will die and another appears."

Attracting victims, like flies to a light, is as easy as acting as if the scam has tons of attention, she said. To this end, about 30 percent of scam threads have posts from shills, or those that the scammers pay to post positive things about the scam, according to Vasek's analysis.

But there's no shortage of strange ways users can lose money in the cryptocurrency Wild West. As such, computer researchers in Curacao looked at some of the stranger ways as well.

Dead or not?

Another report from researcher group IC3 explored how death can cause problems for users who are trying to secure their cryptocurrencies.

As an example, the researchers highlighted multi-signature wallets, a variation on the tool that aims to add security by giving multiple users the ability to sign and spend funds. That way, if one private key is compromised by an attacker or otherwise, they can't do anything.

But these protections are a double-edged sword. If one participant in a 2-of-2 multi-signature setup dies or disappears, the funds will then be unspendable and lost forever.

The easiest way to mitigate the issue would be to introduce some entity that is trusted to declare whether Bob dies or not, Cornell University computer science researcher Fan Zhang argued. But with cryptocurrencies, the whole idea is to prevent a single point of failure, such as one that accidentally declares Bob dead, when he isn't really.

"Of course, we don't want to trust anyone. So, how do we realize this without trusted third party? And how do we prove if Bob has been hit by the bus or that a key is permanently unusable?" Zhang said.

That's the question the group of IC3 researchers in work they call "paralysis proofs," which aims to "prove" that one person involved in the multi-signature setup can no longer participate, whether one of them died or simply lost their private key.

There are a couple of ways they can do this. With ethereum it's straightforward. But with bitcoin, Zhang suggested the easiest way to prove a user can't participate in a multi-signature transaction would be to bring in trusted hardware, located in some computers, into the mix.

In short, the trusted hardware sends out "life signals" to a participant who is suspected to have lost their key or might be dead. If the participant doesn't respond to the signal in a timely manner, then his or her key is no longer required to spend the funds.

Sounds all well and good, but one audience member pointed out one possible flaws. "You could get the money by killing Bob," he said. This isn't as cheeky of a concern as you might think since security experts often think about these kinds of attack scenarios.

IC3 researcher Fen agreed, saying, "If you can kill Bob, all bets are off. Killing Bob is a whole different story."

Whether this is a real vulnerability or not, the problem they're trying to fix is indeed on researchers' minds right now. So, there are other proposed solutions, such as adding a timelock to a multi-signature transaction so it can be spent after it goes unused for a certain amount of time.

'Hostile takeovers'

Another researcher, New York University's Joseph Bonneau, looked at how much it would cost to execute perhaps the most infamous of blockchain attacks, a "51% attack," where one entity controls so much of the mining capacity, it can begin to bend (or break) the rules of the system.

The primary retort from cryptocurrency supporters is that this would not be in the attacker's self-interest, because attacking the network requires you to spend millions or billions to buy up mining equipment. And, once they do all that, they won't be able to make all that much money from it.

But, in new research, Bonneau explores how much it would be to launch such an attack anyway, for someone who's not expecting profit.

"If there's a villain out there like [character Auric] Goldfinger from the James Bond movies with no intrinsic motivation, how expensive would a blockchain be to kill?" he asked.

Bonneau explained that there are different ways of buying up the necessary power to disrupt the network, varying from blockchain to blockchain.

He started with the easiest to execute. Rather than buying a thousands of mining computers and wiring them up, a lazier attacker can launch a "rent" attack by buying power online using a cloud platform such as Amazon Web Services with a click of a few buttons.

Since it's possible to rent GPUs, the power underpinning ethereum, but not ASICs, the hardware securing bitcoin, this is an attack that affects ethereum, but not bitcoin. "It would take about $2 million an hour to attack ethereum," Bonneau stated.

Meanwhile, if an malicious attacker were to instead launch what Bonneau calls a "build" attack, that's where a malicious attacker actually buys up enough physical mining hardware to control the network.

As you might have gathered, buying hardware is more expensive than temporarily renting it. Bonneau estimates it would take roughly $1.5 billion an hour to execute such an attack on either bitcoin or ethereum.

All that said, Bonneau argues his back-of-the-napkin analysis isn't completely accurate. "People argued with me up or down on Twitter. But I would argue the exact number doesn't matter, the order of magnitude does," Bonneau said, adding that there's "a lot left to model" and "we need more detailed analysis."

Bonneau implied, though, that with the estimates he's made for now, these attacks might be too cheap and easy. "Is this enough for an $80 billion system?" he asked in an open question to the audience.

If more and more people begin to use this form of online currency, this attack vector might grow on people's minds, he argued, concluding the presentation with a prediction:

"I think there will be more fear that this will happen in the future."